I am trying to deploy Google’s nginx hello world example via App Engine’s flexible env. I’m using the same setup as detailed in the quick start guide, with the exception of network settings added to app.yaml
(file contents below):
runtime: custom
env: flex
network:
name: my_network
subnetwork_name: my_subnet
For replication, my exact process is (from within a GCP cloud shell):
- clone Google’s example repo,
cd
into the nginx directory,- update
app.yaml
to reflect the correct network setup (see above), - run
gcloud app deploy .
orgcloud beta app deploy .
.
The result is an error 13:
53db376e88c7: Layer already exists
3baebd9b50ad: Layer already exists
1401df2b50d5: Layer already exists
57a9a0cdd450: Layer already exists
latest: digest: sha256:96324cd5dd0571fa98e461ecfc844cefc74c1bad7d621273f11f94e7676cde86 size: 2605
DONE
----------------------------------------------------------------------------------------------------
Updating service [default] (this may take several minutes)...failed.
ERROR: (gcloud.app.deploy) Error Response: [13] An internal error occurred.
I have attempted deploying with different healthcheck options but recieve the following:
ERROR: (gcloud.app.deploy) INVALID_ARGUMENT: Legacy health checks are no longer supported for the App Engine Flexible environment. Please remove the 'health_check' section from your app.yaml and configure updated health checks. For instructions on migrating to split health checks see https://cloud.google.com/appengine/docs/flexible/java/migrating-to-split-health-checks
I assume the advice to do so is out of date.
The app itself runs fine from a docker container. Any advice would be welcome
2
Answers
Google support supplied a solution which worked for me. However, Error 13 is relatively general so YMMV. In your deployment environment, run the following:
gcloud config set interactive/hidden true
gcloud app update --service-account=PROJECT_DEFAULT_APP_ENGINE_SA
gcloud app deploy
1 exposes hidden commands/flags and 2 sets the active service account for the app.
Beware - a project's default App Engine SA is heavily permissioned so it may be worth isolating App Engine to its own project to minimise risk.
I also tried reproducing the same scenario you have mentioned but no error was thrown to me. When adding the network to your app.yaml you have to make sure you use the short name for network, this is mentioned here.
The network settings in your app.yaml should look something like this:
Where for
name
:And for
subnetwork_name
:If you are using a VPC shared network for your project, this will help you do it, all you need to do is follow the step by step given here.